General Best Practice for role-based security
From: Frank J (FrankJ_at_discussions.microsoft.com)
Date: 06/16/04
- Next message: Frank J: "best practice for role-based security"
- Previous message: Frank J: "Best practice for role-based security"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: General Best Practice for role-based security"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: General Best Practice for role-based security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 16 Jun 2004 11:11:57 -0700
We are design an intranet web application backed by centralized SQL DB.
After user login, depending on the deptartment, role(manager, employee, data operator) web page will show/or not show certain sections.
Most important, within one page, based on the role of login-user, some functions will hide/show from the user. For example, an account dept. employee shouldn't see client login password, while customer service cannot delete client account. i.e. for a simple page like client info, there will be so many variants. How can I avoid creating redundent user interface for a same information?
I believe this is an common issue and am looking for best practices. How do I get started? Is there any whitepaper or sample available?
- Next message: Frank J: "best practice for role-based security"
- Previous message: Frank J: "Best practice for role-based security"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: General Best Practice for role-based security"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: General Best Practice for role-based security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
